feat(dns-server): Improve DNS server interface binding by adding explicit IP validation, configurable UDP/HTTPS binding, and enhanced logging.

2025-05-28 19:03:45 +00:00
parent df209ffa71
commit dd12641fb0
8 changed files with 576 additions and 35 deletions


@@ -190,6 +190,17 @@ const dnsServer = new DnsServer({
dnssecZone: 'example.com' // Optional: enable DNSSEC for this zone
});
// For enhanced security, bind to specific interfaces
const secureServer = new DnsServer({
udpPort: 53,
httpsPort: 443,
httpsKey: 'path/to/key.pem',
httpsCert: 'path/to/cert.pem',
dnssecZone: 'example.com',
udpBindInterface: '127.0.0.1', // Bind UDP to localhost only
httpsBindInterface: '127.0.0.1' // Bind HTTPS to localhost only
});
// Register a handler for all subdomains of example.com
dnsServer.registerHandler('*.example.com', ['A'], (question) => ({
name: question.name,
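Review bot: The new `secureServer` example sits between the `dnsServer` constructor and the `dnsServer.registerHandler('*.example.com', ...)` call, so the handler that follows is registered on `dnsServer` rather than on `secureServer`, and the instance introduced "for enhanced security" is never used in the example. Consider showing `udpBindInterface` and `httpsBindInterface` as optional lines inside the existing `dnsServer` options, or move this block after the handler example and register a handler on it. The comment `// For enhanced security, bind to specific interfaces` would also help more if it said what the server binds to when the two options are omitted.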
@@ -363,6 +374,56 @@ await dnsServer.start();
// https://localhost:8443/dns-query
```
### Interface Binding
For enhanced security and network isolation, you can bind the DNS server to specific network interfaces instead of all available interfaces.
#### Localhost-Only Binding
Bind to localhost for development or local-only DNS services:
```typescript
const localServer = new DnsServer({
udpPort: 5353,
httpsPort: 8443,
httpsKey: cert.key,
httpsCert: cert.cert,
dnssecZone: 'local.test',
udpBindInterface: '127.0.0.1', // IPv4 localhost
httpsBindInterface: '127.0.0.1'
});
// Or use IPv6 localhost
const ipv6LocalServer = new DnsServer({
// ... other options
udpBindInterface: '::1', // IPv6 localhost
httpsBindInterface: '::1'
});
```
#### Specific Interface Binding
Bind to a specific network interface in multi-homed servers:
```typescript
const interfaceServer = new DnsServer({
udpPort: 53,
httpsPort: 443,
httpsKey: cert.key,
httpsCert: cert.cert,
dnssecZone: 'example.com',
udpBindInterface: '192.168.1.100', // Specific internal interface
httpsBindInterface: '10.0.0.50' // Different interface for HTTPS
});
```
#### Security Considerations
- **Default Behavior**: If not specified, servers bind to all interfaces (`0.0.0.0`)
- **Localhost Binding**: Use `127.0.0.1` or `::1` for development and testing
- **Production**: Consider binding to specific internal interfaces for security
- **Validation**: Invalid IP addresses will throw an error during server startup
### Advanced Handler Patterns
#### Pattern-Based Routing
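Review bot: In the Security Considerations list, the "Default Behavior" bullet names `0.0.0.0` as the default while the Localhost-Only section documents `::1`, and nothing states whether the default also listens on IPv6 or whether `udpBindInterface` and `httpsBindInterface` may use different address families. The "Validation" bullet should say what counts as invalid (for example whether a hostname such as `localhost` is rejected) and which error is thrown, since the text only promises "an error during server startup". Because the documented default listens on every interface, the "Production" bullet would read better as a direct recommendation to set both options than as "Consider binding to specific internal interfaces".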